Solved

Novice Netware Question

Posted on 2004-08-31
19
336 Views
Last Modified: 2008-02-01
I'll admit right now that as far as Novell and Netware my experience is minimal to say the least...I'm working for a client that is currently in the process of phasing out Netware from their environment. Originally there were 3 Netware servers running and we are currently down to one (the other 2 weren't really in use). The 2 servers have been shut down. Apparently the 3rd server (still up) was aware of these servers and is trying to connect to them. I would like to figure out either where it is looking for these servers or at lease disable the error notification. This last server is expected to be phased out at the end of the year?

The error specifically is:

Unable to communicate with server .Lab218S.LAB218.RCHS-LABS.

0
Comment
Question by:Nuromancer
  • 10
  • 6
  • 3
19 Comments
 
LVL 34

Expert Comment

by:PsiCop
ID: 11942598
Well, you haven't bothered to specify the version of NetWare, and that's important. But since you mention that the NetWare servers seem to be aware of each other and are trying to talk, I'm going to assume you are dealing with at least NetWare v4.x, in either an IPX or TCP/IP environment (if the latter, that would mean at least NetWare v5.x). When writing your problem description, its important that you include as much info on your environment as you can - we're not there, we can't look over your shoulder, you are our only window into your situation. More info is better.

So, you're seeing messages on one or more of the servers that says something like:

   Unable to communicate with Server <SERVERNAME>

Right?

OK, we'll take NetWare v4.x and later basics for 250 points, Jack.

NetWare is a network-oriented environment (earlier versions - v3.x and before - of NetWare, as well as NT and UNIX, are server-oriented). In the NetWare environment, you don't log into a server, you log into a network, and that network consists of one or more servers that share a common database of services and security information. In this case, that database is called NDS, or Novell Directory Services, later called eDirectory (in v6.x and beyond). eDirectory is a multi-platform (runs on NetWare, Solaris, Linux, HP-UX, AIX, OS/390, et. al.) repository of information, such as names of servers, services they host, user accounts, groups, organizational rules, application objects, DHCP servers, SLP scopes...the list goes on and on. The average NDS-using network will have hundreds of object types. The NDS environment as a whole is referred to as the "NDS Tree", because of its hierarchical tree structure (it is an actual 3-dimensional database; by contrast, ActiveDirectory is a 2-D database with a 3-D view of it, because AD is just Domains under the hood).

NetWare relies on this database, and because it is so critical, it is (if one is wise) distributed across multiple servers. Each server can hold a copy, or Replica, of the database, at the administrator's option (unlike AD, where a server must be installed specifically as a DC, and cannot change roles without a re-install). The database can be Partitioned, or deliberately broken into different parts; this is useful in the geographically-dispersed environment, so that the London server does not have to hold all the New York objects. Partitioning is optional and usually occurs on geographic or WAN boundaries; AD has no partitioning ability and consequently is much less efficient. There is always at least one NDS Partition, called the [Root] Partition, as it is the root (or base) of the NDS tree. Other Partitions may or may not exist.

Partitions are Replicated for reliability. Novell recommends 3 Replicas per Partition - one Master Replica, and two Read/Write Replicas. In the event a server holding, say, the Master Replica of a Partition dies, any of the other two R/W replicas can be designated as Master. Normal NDS operations can continue un-impeded in any case - this is because NDS has true multi-master replication (AD claims it does, but in reality is a master-slave model).

Servers that host Replicas talk amongst each other, and because NDS also contains information on ever server in the tree, even if that server doesn't hold a Replica, all the servers talk to each other at some point. For example, they all agree on what time it is (Time Synchronization). In the NetWare v5.x and later environment, they exchange Service Location Protocol (SLP - NetWare is a VERY open standards-oriented environment, unlike NT/2K) information.

So, that is a tutorial. Next, I'll tackle your issue.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 11942810
OK, so now we see that in the NetWare world, the network exists as a cohesive whole. Every NetWare version from this century (v5.0 and later - actually, v5.0 was released in 1999; v4.0 was released in 1995, so you can see Novell has been developing Directory Services for a LONG time) uses standards-based mechanisms to advertise their services, and they all contribute to the central pool of network information in the Directory Service. This Directory Service is the core of the network environment.

In a small, 3-server environment, there probably was not any Partitioning done, so the only Partition in existence is the [Root] Partition. In your situation, I suspect that one or both of the servers you removed from the environment was responsible for hosting an NDS Replica. Hopefully, it was not the Master Replica hosted on one of those servers.

Also hopefully, those two servers are still in existence, just shut down. If that is the case, TURN THEM BACK ON. Reconnect them to the network and get them running again like they were before you messed around. NDS will heal itself and within 12-24 hours you can expect all to be well.

Understand that because the NetWare environment operates as a cohesive whole, and not as little islands, you can't just shut servers down like that. You need to remove any Replicas they host and then delete them from the NDS tree in an ordered way. Just shutting down the server may work in the NT environment, because there is little cohesion (they can't afford it because the OS is so unreliable), but in the NetWare world, that's like cutting off an arm. Don't do it.

If those servers are not available (got tossed out the door; the CEO took them home and let his kid install Linux on the hardware; someone left them out in the rain; whatever), then you need to say that. There are procedures for recovering from such situations. Its not pretty, but it can be done.

And yes, you DO need to do this if you need that remaining NetWare server longer than this week. Right now, data is accumulating in its NDS environment, because it wants to tell the other servers about changes it sees in the network. Everything from user password changes to who logged in last. Its all piling up.

NDS uses delta-based Replication (meaning that only the changes to an object are replicated, not the whole object), so its fairly efficient, but that data is piling up with nowhere to go and sooner or later - possibly sooner - its going to cause problems. By contrast, the AD environment "replicates" entire objects, making the process consume far more bandwidth and creating problems like changes to an object made on DC A overwriting changes made to that object on DC B, which is Mickey Mouse as hell. Since the AD environment lacks time synchronization, its possible for changes to get all out of order and create a mess.

Anyway, that's the tutorial, and we need to know what the status is. If those two servers can be re-activated and re-connected to the network, then do so immediately. We'll let things settle out and then you can remove them properly and shut them back down without causing problems.

If they're not available, then we need to do some NDS Tree surgery to correct the mistake.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 11942891
Sorry to hear your client is moving away from the high-reliability and flexability of NetWare. Hopefully they're moving to something equally resilient and dependable, like Linux or *NIX. TCO study after TCO study, or at least the actually independent ones, have consistently shown that Windoze costs 2x to 3x as much to own and operate as an equivalent NetWare environment. Takes more hardware (higher capital costs), higher-end hardware, and is vulnerable to a wide variety of malware. Nothing like some 16-year-old twerp in Germany being able to bring your entire network to its knees.

If they are moving to another platform, its almost certain that NDS is supported on that platform. In modern versions (eDirectory v8.6 and later), NetWare is not required. There's no need for the client to lose/have to recreate their user accounts, passwords, etc. eDirectory runs on a lot of platforms (even W2K/W2K3) and can provide a coherent management environment. Using DirXML (now called Identity Manager), eDirectory can provide a unifying meta-directory service that ties together a bunch of platforms. Can't do that with AD.

Anyway, look at http://www.novell.com/index/products.html?sourceidint=productsmenu_azindex for info on these products.

And no, I don't work for Novell, or a VAR. Just don't like to see people shoot their IT budget in the foot.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 11943057
Whoops! You DID post the exact error message. My bad for missing it.
0
 

Author Comment

by:Nuromancer
ID: 11943484
the servers do still exist and right now are just unplugged. primarily they are being discontinued because 1.) netware isn't used in the environment anymore... and 2.) the hardware itself has been repeatedly failing - hence the customer's decision to decommission them. it will be possible (not on site right now) to reconnect the 2 servers and then hopefully you can point me towards the proper procedure for removing them from the Netware Environment. FYI I believe it's a 5.x release of Netware but I'm not positive on version specifics...
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 11943600
Please double-check the NetWare version, as the procedures do vary slightly between versions. Wouldn't want to steer ya wrong.

Still sorry to hear the client is moving/has moved away from the reliability and cost-effectiveness of NetWare. Especially if they're a K-12 high school (like they would seem to be based on the context info you mentioned in your original posting).

Hopefully they've moved to Linux or some flavor of UNIX. Something as hackable as Windoze would be a field day for little Johnny, who has all sorts of time to run rootkits and the plethora of Windoze Script Kiddie tools faster than the several-critical-patches-a-week-on-average from M$ can be tested, let alone deployed in an environment of any size.

Shame they gave up ZENworks (http://www.novell.com/zenworks), which is better than DeepFreeze or Fortress for locking down Windoze clients and much more flexible than SMS for software distribution (try using SMS to deploy a program to something other than C:, or for unattended OS installation, or application healing, or....).

NetWare Migration Wizard (http://www.novell.com/products/mwizard/quicklook.html) could have been used to painlessly migrate the servers to new, reliable hardware. Ah, well.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 11946105
>> 1.) netware isn't used in the environment anymore...

Seems like a waste of resources.  Like filling in your basement because you only use the living room.  There must be a new MCSE in charge of their network.

Oh, well.  I hope they aren't in my school tax district...
0
 

Author Comment

by:Nuromancer
ID: 11955058
PsiCop - could you please post (or share a link) to propper procedure for decommisioning servers. Environment is Netware 5 (confirmed...)

ShineOn - not sure what you mean by a waste of resources. Having 2 servers running that are accessed by no-one is the only waste here... If you don't have anything valuable to contribute why even bother?
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 11955495
"Having 2 servers running that are accessed by no-one" IS a waste of resources.  

Why bother?  Because I felt like highlighting the willingness to waste resources by what appears to be a public school, that's why.  I happen to care how my tax dollars are spent.  Don't you?
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 

Author Comment

by:Nuromancer
ID: 11955650
The servers are being decommisioned because they are currently serving no network function other than occupying IP addresses... The intention is to decommission them so they can be put to other use. So obviously there is no willingness to waste resources - but just the opposite.

0
 
LVL 35

Expert Comment

by:ShineOn
ID: 11956168
I guess you threw me by using the word "decommissioned."  Since they are actually being redeployed, not decommissioned, never mind.

I recall once having instructions for removing a server from the tree.  This is what I remember:

1)  If it contains a read/write or master replica of a partition, you need to remove them from the server.  Use NDS Manager.  If it has a Master, another server having a Read/Write replica should be made the Master.  Once the change has replicated, then the resulting Read/Write replica should be removed.  You have to wait a bit for any partition/replica activity to complete.

2)  Once all replicas are removed, make sure it isn't a time source.  The remaining server must be the time source (probably a Single)

3)  Use NDS Manager to remove the server.  Wait until it's done.

4)  In ConsoleOne or NWADMN32, delete any leftover objects pertaining to that server, like volume or SMDR or whatever.  They may have a yellow ? as the icon.

5)  Run DSREPAIR, full unattended, on the remaining server until no errors, or only a few, acceptable errors, are left.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 11956287
OK, IF the environment is back up and running and everything is OK, its fairly simple. You do need to make sure that A) Timesync is active and time is synchronized and B) the NDS replicas are in sync. The "Unable to communicate with server .Lab218S.LAB218.RCHS-LABS." type of messages should be gone. If they're not, you've still got problems.

A) can be determined by, at EACH server console, entering --> TIME

Timesync should be reported as "active" and time should be "synchronized to the network". This needs to be true for all machines. The one server that is REMAINING in the Tree needs to be of type "PRIMARY", not "SECONDARY". If the server that is remaining behind is not the Primary Timeserver, then you need to make it that by altering SYS:SYSTEM\TIMESYNC.CFG  (its well-commented) and then unloading and reloading TIMESYNC.NLM. You need to make sure the servers that are going away are type SECONDARY. If you have to make changes and restart timesync, then you still need to make sure A) is met before proceeding.

B) can be determined using DSREPAIR - at the console prompt, enter --> DSREPAIR

Select the "Report Synchronization Status" menu item. All the replicas should not report any errors (errors are typically negative numeric codes). They should all be synched up to a time within a minute or so of each other.

Make sure this situation exists before proceeding.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 11956308
Yeah, ShineOn, that's good when the Tree hasn't been screwed up by shutting down servers without removing them from the tree. If the third server is performing some useful function for some time before it is finally shut down, an orderly removal of the other two servers is important. Before we can do that orderly removal, we need to make sure the tree has healed itself.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 11956337
True.  True...
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 11956457
OK, once the NDS Tree is confirmed in good shape, make sure the Master Replica of the [Root] partition is on the server that is staying. Again, use DSREPAIR.

At the console of that server, enter --> DSREPAIR

Choose "Advanced Options" and then "Replica and Partition Operations" and the only replica should be .[Root] - if there are other replicas, well, then your NDS Tree is more complex than we've been told (or it needs to be) and we have to do some other things.

The Type of the Replica should be "Master". If it is "Read/Write", then hit <ENTER> and select "Designate this server as the new Master replica". Back out to the DSREPAIR main menu, then go back in to that point - the replica type should now be "Master". Back out to the DSREPAIR main menu and choose "Report synchronization status" and make sure everyone in the ring is up to date.

Make note of which of the other servers host NDS replicas.

Exit DSREPAIR.

At a workstation, logged in as an admin-privledged user (the workstation MUST be using Novell Client 32, NOT the deliberately-crippled garbageware M$ Client for NetWare Networks), run SYS:PUBLIC\MGMT\PARTMGR.EXE (I *think* that is it - its been awhile since I did anything like this in NW v5, we migrated to NetWare v6.5 last year). Using that tool, remove the directory services replicas from the two servers that are going away. You should end up with one replica, the Master, on the server that is sticking around.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 11956539
Exit PARTMGR. Go back into DSREPAIR on the server hosting the Master replica - when you Report Synchronization status, should just be that server.

Now go to the 2 servers that are going away. At the console prompt, enter --> NWCONFIG

Choose "Directory Options" and then "Remove Directory Services from the Server". You'll get the usual dire warning messages and be prompted for admin-privledged credentials. Once you remove Directory Services, the machines can be shut down. The remaining server will not complain, because he doesn't "know" about them any more. The NDS tree will be healthy because the remaining server hosts the only replica of the NDS database and does not want to replicate with anyone else.

You can go back into ConsoleOne and delete the Server, Volume, Certificate Authority, LDAP and whatever other objects belonged to those servers.

Your licensing on the remaining server should not be affected.
0
 
LVL 34

Assisted Solution

by:PsiCop
PsiCop earned 125 total points
ID: 11956612
Like ShineOn, I'm disappointed to see anyone move away from a platform as reliable, manageable and cost-effective as NetWare. Especially if its as something as expensive, cumbersome and mal-ware ridden as Windoze.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 11965160
I'm pretty sure NDS Manager was the tool of choice for both partition and replica operations with NetWare 5.  It would be in the same place as NWADMN32 - SYS:\PUBLIC\Win32 - and would be what gets launched when you take the NDS manager link in NWADMN32, tools menu, IIRC.
0
 
LVL 35

Accepted Solution

by:
ShineOn earned 125 total points
ID: 13470289
Nuromancer - it's been 6 months.

Were you successful?  Did we help?

Please come back and close this question.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

In  today’s increasingly digital world, managed service providers (MSPs) fight for their customers’ attention, looking for ways to make them stay and purchase more services. One way to encourage that behavior is to develop a dependable brand of prod…
For cloud, the “train has left the station” and in the Microsoft ERP & CRM world, that means the next generation of enterprise software from Microsoft is here: Dynamics 365 is Microsoft’s new integrated business solution that unifies CRM and ERP fun…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now